On the Analysis of Byte-Granularity Heap Randomization

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 28
  • Download : 0
Heap randomization, in general, has been a well-trodden area; however, the efficacy of byte-granularity randomization has never been fully explored as misalignment raises various concerns. Modern heap exploits often abuse the determinism in word alignment, and modern CPU architecture better supports unaligned access (since Nehalem). Based on such new developments, we conduct an in-depth analysis of evaluating the efficacy of byte-granularity heap randomization in three folds: (i) security effectiveness, (ii) performance impact, and (iii) compatibility analysis to measure deployment cost. Security discussion is based on 20 CVE case studies. To measure performance details, we conduct cycle-level microbenchmarks and report that the performance cost is highly concentrated to edge cases depending on the L1-cache line. Based on such analysis, we design and implement an allocator suited for byte-granularity heap randomization. On the negative side, our analysis suggests that byte-granularity heap randomization has high deployment cost due to various implementation conflicts. We enumerate the problematic compatibility issues using Coreutils, Nginx, and ChakraCore benchmarks.
Publisher
IEEE COMPUTER SOC
Issue Date
2021-09
Language
English
Article Type
Article
Citation

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.18, no.5, pp.2237 - 2252

ISSN
1545-5971
DOI
10.1109/TDSC.2019.2947913
URI
http://hdl.handle.net/10203/287735
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0